Fog Creek Software
Discussion Board




Bigger than Munich (china decision)

http://news.com.com/2100-1012_3-5064978.html?tag=lh

Pedro
Monday, August 18, 2003

And voila! Microsoft is no longer a global monopoly!

[grin]

Philo

Philo
Monday, August 18, 2003

Will you still [grin] when linux is a monopoly?

-food for thought
Monday, August 18, 2003

As long as there is a need for programmers, I will be grinning. Of course if a monopoly in Linux means we all have to program for free in our spare time, then I probably will not be grinning.

m
Monday, August 18, 2003

What would it mean for Linux to be a monopoly?

Seriously, what do you mean by that? The UNIX API runs happily on every major OS out there: Interix on the NT kernel, Mac OS X on Mach, Linux itself, commercial UNIX, OS/9000 and QNX in the RT world (Windows CE being perhaps the one exception... it seems to be designed to make it hard to efficiently port UNIX to, and it's not even terribly good at hosting Windows), DEC-I-mean-Compaq-I-mean-HP VMS and IBM's mainframe and mini systems (and their Penguin Herd), and of course BSD.

Which Linux? Red Hat? Debian? Suse? Caldera-I-mean-SCO (whoops, scrub that one)?

Nah, it'd be easier to get athletes and sportsfans to get together to run the world. Next thing you know there'd be a player's strike and they'd lock out the army...

Peter da Silva
Monday, August 18, 2003

Philo,

>And voila! Microsoft is no longer a global monopoly!

Your sarcasm ratio is 100% when Linux vs. MS comes up.
I have to agree with you; this topic about Linux vs. Windows is getting kind of tired here.

PS. Did you know, Linux will outperform...oh, well never mind.

Patrik
Tuesday, August 19, 2003

/. still not accepting posts?

Robert Moir
Tuesday, August 19, 2003

Why did linux come into this thread?

The article states "...government ministries must buy only locally produced software...", last I heard Linus Torvalds wasn't chinese...

What percentage of Linux developers would have to be Chinese to make Linux "locally produced"... and if they can't use Linux what OS is made in China?

Chris
Tuesday, August 19, 2003

Depends what you mean by locally produced.  A pirate copy of Windows is 'locally produced' after all.

Ben
Tuesday, August 19, 2003

" last I heard Linus Torvalds wasn't chinese"

ever heard of 'red flag linux'?  (seriously)

<g> quite obviously that proves the 'linux is communist' argument.

OTOH Im not entirely surprised China is a little unwilling to trust closed source solutions from america....

FullNameRequired
Tuesday, August 19, 2003

http://www.linuxjournal.com/article.php?sid=5116

FullNameRequired
Tuesday, August 19, 2003

No I never knew about "red flag linux".

"OTOH Im not entirely surprised China is a little unwilling to trust closed source solutions from america.... "

I am not clear from your link, did they rewrite a version of linux? or is it a customised version of standard linux?

If it is just a customised standard linux, then I would have thought a country as seemingly paranoid as china would have concerns about companies like IBM and SCO etc being so involved in the development of linux.

But at least "red flag linux" does show what they will be replacing windows with - and now I know.

Chris
Tuesday, August 19, 2003

"/. still not accepting posts?"

Looks like someone http://www.microsoft.com/windowsserver2003/community/mvp/bios/moir.mspx might be a little biased, no?


        

no fud allowed
Tuesday, August 19, 2003

This has nothing to do with technology and is purely an economic protectionist measure.

Just me (Sir to you)
Tuesday, August 19, 2003

So then we can assume that MS software does not offer lowest tco because if it did, China would use it and have the savings to spend on other things.

I get cha
Tuesday, August 19, 2003

Labor cost is ~0.

Just me (Sir to you)
Tuesday, August 19, 2003

"no fud allowed":
Its hardly a secret I'm a Microsoft MVP. IIRC its even noted on this website. It doesn't stop me having an opinion or as much (or little!) right to share it as anyone else.

As for 'biased', I guess you managed to do all that research on me but miss the bit on my website posted just this week where I praised Knoppix and FileZilla, one of which is a Linux distro and one open source program that runs on Windows.

If you look really closely in the related photos you'll also see I'm running FreeBSD in a VMWare session too. Hardly bias. I'm quite comfortable knowing and talking about the strengths and weaknesses of pretty much all major systems.

Bad research on your part? Or spreading a little fud of your own?

Robert Moir
Tuesday, August 19, 2003

They don't have to "buy" linux, therefore even if you don't consider red flag linux Chinese enough to qualify, linux still suits the law.

If they find a secret backdoor in Linux, they can patch it and recompile all their software (not that it would be easy).

If they find that there is a secret backdoor in closed source american software, they can't exactly just hex edit it out.


Supporting your own homegrown economy is a perfectly valid decision.  The US does it with our steel, cotton, and lumber industries, for example.

Richard Ponton
Tuesday, August 19, 2003

This is a much bigger issue. China has been resisting American demands to stop widespread software piracy, especially since such demands are increasingly being tied to trade deals.

Also, this claim about American software having hidden functions is a bit spurious. Any competent sys admin can spot unexpected operations. Because of this, no reputable software vendor would dare risk having unusual functions in their product, because it would be impossible to deny responsibility. This is the exact opposite of the case with open source.

Also, does China worry about American food having unusual elements?

.
Tuesday, August 19, 2003

"Also, this claim about American software having hidden functions is a bit spurious."

?? as in unlikely?  I dont really agree.  From a certain POV the american government would be stupid _not_ to insist that microsoft do this.

"Any competent sys admin can spot unexpected operations."

<g> and how about the incompetent ones?  In my experience there are more of them.
But if nothing else, how about inconsistent sending of information?  something that it attempts to do once a year?  only at obscure times?  I can think of a thousand ways to use software that I create to my advantage?
How about software with a back door that MS can shut down at will?  software that, once it receives a certain message, suddenly shuts down.
Every computer in china receiving the instruction at the same time and sending floods of confidential data to american receivers.
That would only work once of course, but it _could_ be rather devastating.


"This is the exact opposite of the case with open source."

? I have no idea what you are talking about here....what is?

Open Source is by its very nature easier to trust, if you have any doubts you can look for yourself.

"Also, does China worry about American food having unusual elements?"
<g> I dont know this for a fact but I would say that the amount of american food china imports is probably amazingly small.
So I would bet not.

FullNameRequired
Tuesday, August 19, 2003

Dear FullName

1. If someone installs and runs a commercial product, they can be highly confident that the executable comes from the specified provider and that no-one has had an easy opportunity to make modifications to that executable.

2. By comparison, if someone's running an open source product, they have much less certainty that the source code has not been tampered with, or that the executable - if they're just trusting for the best and installing the compiled executable - has been built from trusted code. Please don't tell me you personally inspect the source for Apache every time you run it.

.
Tuesday, August 19, 2003

Dear NoName,

"If someone installs and runs a commercial product, they can be highly confident that the executable comes from the specified provider and that no-one has had an easy opportunity to make modifications to that executable"

Can they really? you mean 'no one outside of the company' of course?  I mean we _know_ that unauthorised code slips into commercial software all the time dont we?  thats what easter eggs are...
<g> I _write_ commercial products and I mix with other people who do.  I know _exactly_ how secure the systems of the average company are.

"By comparison, if someone's running an open source product, they have much less certainty that the source code has not been tampered with"

Thats not really true at all, is it?  Open Source code as a rule is _not_ run like a wiki.  Its not possible for just anyone to push their patch into the source.  As a rule there are trusted people who are responsible for taking patches to the code, running them, testing their effects and eventually compiling them into _their_ branch.
Over time if the patch is considered worthwhile it works its way up the tree and is finally applied to the release branch, or the 'trusted' branch.
Why dont you try it?  try to submit a malicious patch into the Linux kernel?  or MySQL?  or Apache?  Ill bet you an awful lot of money you dont get very far at all.

", or that the executable - if they're just trusting for the best and installing the compiled executable - has been built from trusted code. "

I dont understand why you believe that a commercial company that keeps its source closed is to be trusted more than a commercial company that releases its source into the community or bases its products on open source software?

"Please don't tell me you personally inspect the source for Apache every time you run it."

nope :)  But I never install a new version until its been thoroughly tested on a non-critical machine first either.

Do you?

FullNameRequired
Wednesday, August 20, 2003

"I dont understand why you believe that a commercial company that keeps its source closed is to be trusted more than a commercial company that releases its source into the community or bases its products on open source software? "

I don't understand why anyone thinks this has any bearing on whether or not you should trust a company or not. I certainly don't use this as a basis for deciding who i should trust.

The idea that being able to read the source code means you can trust the authors is a myth, or rather, there are two problems

i) The majority of people won't do it because they can't be bothered, or they don't understand code, etc.

ii) It won't help anyway. Read http://www.acm.org/classics/sep95/ for an interesting point of view on this problem

Robert Moir
Wednesday, August 20, 2003

"I don't understand why anyone thinks this has any bearing on whether or not you should trust a company or not."

_that_ is definitely what I wanted to say.

"The idea that being able to read the source code means you can trust the authors is a myth"

LOL
dont tell anyone, but actually I totally agree.  I bring that up only in response to people who claim that open source code is somehow more untrustworthy than closed source code, on the basis that if they believe the one obvious fallacy they are unlikely to spot (or clearly articulate) the other.

<g> In all the time I have been doing this, you are the first and only person to come up with the perfectly obvious response and justify it in such a clear way.
(interesting link btw, its not the first time Ive seen it but its one of those little truths that are well worth remembering and repeating to yourself over and over again)

The point is that for most well run open source projects getting your patch accepted and used in the 'trusted' branch requires jumping through enough hoops that on average if it is accepted it is (a) unlikely to be a trojan and (b) prolly not going to introduce a bug.

This does not mean that its not possible, nor does it mean that anyone should blindly trust open source code just because its open source code, anymore than closed source code should be blindly trusted.

As far as I can see they both have a place in this world, and they both produce both good and bad results depending entirely on who is running them.

FullNameRequired
Wednesday, August 20, 2003

*g* of course peer reviewed open source code may well make introducing bugs (on purpose or not) more difficult. That depends on the quality of the peers doing the reviewing.

Its obviously easier to write some half baked utility that crashes 50% of the time than it is to introduce a serious bug into the Linux kernel.

But as you say "Blind Trust" is asking for trouble. And lets face it, the only *guarantee* that trust brings is the expectation that things wont be screwed up on purpose.

And you get that same guarantee with closed source anyway -- you might (and should) question Microsoft's QA procedure in light of the RPC bug, but does anyone seriously think they stuck it in on purpose given the egg it left on their faces?

Thought not!

Robert Moir
Wednesday, August 20, 2003

"That depends on the quality of the peers doing the reviewing. "

of course, in exactly the same way that the excellence of closed source depends on the quality of the peers.

For this particular area I _would_ claim an advantage to open source software, assuming everything else is equal, just because although only a few tend to make changes to the 'trusted' branch, a much larger number of people will tend to have actually viewed the code, and commented on the gaping bugs and/or security holes.
The basic math of # of eyes reducing the bugs and security holes seems to me to be pretty much common sense.


"Its obviously easier to write some half baked utility that crashes 50% of the time than it is to introduce a serious bug into the Linux kernel."

<g> I have certainly done one more often than the other...


"the only *guarantee* that trust brings is the expectation that things wont be screwed up on purpose.
And you get that same guarantee with closed source anyway"

I totally agree.


"but does anyone seriously think they stuck it in on purpose given the egg it left on their faces?"

given that the number of people who still believe that the world is flat is actually a measurable % of the population, I would say that there is almost certainly someone out there who believes exactly that.....

FullNameRequired
Wednesday, August 20, 2003

hi Robert,

sorry..Ive only just realised that your last comments were largely aimed at my comments about china/windows/linux

..sorry, its nearly 2 am here and Im a little tired.  (talk about writing untrustworthy code, lets take a guess at how much of what Ive done tonight will break tomorrow...)

I believe that China is something of a special case in regards to trusting the windows operating system

The bottom line there is that whether or not windows actually contains easter eggs designed to undermine their security is almost irrelevant, the problem is whether or not they can _know_ one way or the other.
Obviously they cannot unless they can view the source and compile that themselves.

Given the obvious importance the answer has for the security of their country, and the obvious conflict of interest a company like MS has given that it is largely based in a country with a radically different outlook, I can understand why China would decide not to go that way.
Given then that they cannot/wont use windows they have to look around for an alternative, they could obviously design their own but why should they bother given that there is already an operating system available that is largely complete and that they can alter as they wish.

Basically I believe that any decision made by China to go with a Linux variant over Windows will have very little to do with the relative strengths of the two systems and an awful lot to do with the cost and open nature of the Linux codebase.

...and I also suspect that many changes will be made to that codebase that will not be reflected back to the general community.

<shrug>

FullNameRequired
Wednesday, August 20, 2003

Another reason for the decision: the Chinese government may wish to *create* their own backdoors.

Peter Breton
Wednesday, August 20, 2003

What would be fun though is GNU/FSF trying to enforce the GPL on the Chinese authorities :-).

Just me (Sir to you)
Wednesday, August 20, 2003

"Another reason for the decision: the Chinese government may wish to *create* their own backdoors"

to spy on their own people?  thats perfectly possible I suspect, 'encouraging' chinese people to use their blessed version of Linux wouldn't be hard.

If you mean to spy on others I suspect _that_ would be harder, look at the earlier posts on the hoops involved in getting a patch submitted to the 'trusted' branch of Linux.

<g> mind you, they could always bribe Linus....

FullNameRequired
Thursday, August 21, 2003

"If it is just a customised standard linux, then I would have thought a country as seemingly paranoid as china would have concerns about companies like IBM and SCO etc being so involved in the development of linux."

SCO is not involved with the development of Linux. SCO (Caldera, actually, they renamed themselves after buying the UNIX software and copyrights from SCO (who are now Tarantella)) had their own version of Linux but it has been failing in the market.

But it doesn't matter who's involved in it, because a backdoor in an OS delivered as source is not a likelihood. Having access to the source is not enough, by the way, because you don't know if the source you hold in your hand matches the binary you just installed unless you compiled it yourself with a trustable compiler.

Peter da Silva
Sunday, August 24, 2003
